Thunder Attack targets the Thunderbolt port on modern Macs and PCs

A newly discovered vulnerability behind the Thunderbolt port on Macs or PCs could put an attack on your computer. When a malicious accessory attaches to a Thunderbolt port, hackers can essentially access your files and steal data.

Researchers demonstrated the Thunderclap vulnerability at the Symposium on Network and Distributed Systems Security and how direct memory access or DMA, used by Thunderbolt ports to accelerate memory access, endangers your computers. In addition to the Thunderbolt ports, researchers say the vulnerability also affects a number of other ports that use the low-level access to memory access, including Firewire, Thunderbolt 2 and 3, and USB-C.

while risking DMA Up to now, designers have been built into input-output memory management units (IOMMUs) as security measures. According to Sophos' Naked Security blog, this works as follows: "Access is granted through a virtual address space managed by the operating system in conjunction with hardware input-output storage management units."

However, this is not true for IOMMUs effective as previously thought. If a hacker inserts an endangered peripheral that contains malicious code, there are ways to bypass the IOMMU layer. "These vulnerabilities allow an attacker with physical access to a Thunderbolt port to compromise a target computer in seconds by executing arbitrary code at the highest privilege level and possibly accessing passwords, bank signing, encryption keys, private files, browsing, and other data." reported the blog.

Researchers discovered the vulnerability by building their own device called Thunderclap, hence the name behind the vulnerability. Any computer with a Thunderbolt port, including systems running Windows, Linux, FreeBSD, and MacOS from Apple, is at risk, although researchers have been warned that even computers with a damaged PCIe card could be affected.

Operating system manufacturers have been warned The 201

6 findings and the latest software updates for MacOS, Windows 10 and Linux have eliminated some of the risks associated with this type of attack, but PCIe cards are still not secure.

To further reduce the risk Do not use public or certified USB-C chargers and do not connect any peripherals or accessories that you are unfamiliar with.